
Android phones at risk: PromptSpy malware exploits AI

Generative AI helps malware adapt to different screens and prevent easy removal

February 21, 2026

Security researchers have discovered a new Android malware operation called PromptSpy, which uses Google Gemini AI to keep running on infected devices. ESET first saw the malware in February 2026. It can adapt to different OS versions and device layouts, which makes removal more difficult for users.

The malware primarily targets Argentine users through phishing websites that impersonate banks to distribute the malicious software.

How does PromptSpy use AI?

PromptSpy uses Gemini AI to analyse the device’s current screen and provide step-by-step tap and swipe instructions, keeping the malicious app pinned in the Recent Apps list. “Leveraging generative AI enables the threat actors to adapt to more or less any device, layout, or OS version, greatly expanding the pool of potential victims,” the ESET report says. 

Instead of relying on fixed coordinates, the AI receives an XML screen dump and responds with JSON instructions for the malware.

The malware includes a VNC module for full remote control, abuses Android Accessibility Services to block removal, records lockscreen data, and captures video. It communicates with its C2 server via encrypted channels and can overlay invisible elements over uninstall buttons to prevent deletion.

PromptSpy is delivered via a dropper through dedicated phishing websites, rather than Google Play, and is thought to originate from a Chinese-speaking environment based on code analysis.

PromptSpy represents a new evolution in malware, demonstrating how generative AI can make attacks more dynamic and resilient. By adapting in real time to different interfaces, it increases the difficulty of removal and enhances the impact of the attack.

“PromptSpy is an early example of generative AI-powered Android malware, illustrating how quickly attackers misuse AI tools,” ESET concludes. Users are advised to avoid suspicious websites and rely on security solutions such as Google Play Protect to block known variants.